rbnacl-libsodium 0.4.5a

data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sign_edwards25519sha512batch.c

@@ -0,0 +1,102 @@
+#include "api.h"
+#include "crypto_hash_sha512.h"
+#include "randombytes.h"
+#include "crypto_verify_32.h"
+
+#include "ge25519.h"
+
+int crypto_sign_keypair(
+    unsigned char *pk,
+    unsigned char *sk
+    )
+{
+  sc25519 scsk;
+  ge25519 gepk;
+
+  randombytes(sk, 32);
+  crypto_hash_sha512(sk, sk, 32);
+  sk[0] &= 248;
+  sk[31] &= 127;
+  sk[31] |= 64;
+
+  sc25519_from32bytes(&scsk,sk);
+
+  ge25519_scalarmult_base(&gepk, &scsk);
+  ge25519_pack(pk, &gepk);
+  return 0;
+}
+
+int crypto_sign(
+    unsigned char *sm,unsigned long long *smlen,
+    const unsigned char *m,unsigned long long mlen,
+    const unsigned char *sk
+    )
+{
+  sc25519 sck, scs, scsk;
+  ge25519 ger;
+  unsigned char r[32];
+  unsigned char s[32];
+  unsigned long long i;
+  unsigned char hmg[crypto_hash_sha512_BYTES];
+  unsigned char hmr[crypto_hash_sha512_BYTES];
+
+  *smlen = mlen+64;
+  for(i=0;i<mlen;i++)
+    sm[32 + i] = m[i];
+  for(i=0;i<32;i++)
+    sm[i] = sk[32+i];
+  crypto_hash_sha512(hmg, sm, mlen+32); /* Generate k as h(m,sk[32],...,sk[63]) */
+
+  sc25519_from64bytes(&sck, hmg);
+  ge25519_scalarmult_base(&ger, &sck);
+  ge25519_pack(r, &ger);
+
+  for(i=0;i<32;i++)
+    sm[i] = r[i];
+
+  crypto_hash_sha512(hmr, sm, mlen+32); /* Compute h(m,r) */
+  sc25519_from64bytes(&scs, hmr);
+  sc25519_mul(&scs, &scs, &sck);
+
+  sc25519_from32bytes(&scsk, sk);
+  sc25519_add(&scs, &scs, &scsk);
+
+  sc25519_to32bytes(s,&scs); /* cat s */
+  for(i=0;i<32;i++)
+    sm[mlen+32+i] = s[i];
+
+  return 0;
+}
+
+int crypto_sign_open(
+    unsigned char *m,unsigned long long *mlen,
+    const unsigned char *sm,unsigned long long smlen,
+    const unsigned char *pk
+    )
+{
+  unsigned long long i;
+  unsigned char t1[32], t2[32];
+  ge25519 get1, get2, gepk;
+  sc25519 schmr, scs;
+  unsigned char hmr[crypto_hash_sha512_BYTES];
+
+  if (ge25519_unpack_vartime(&get1, sm)) return -1;
+  if (ge25519_unpack_vartime(&gepk, pk)) return -1;
+
+  crypto_hash_sha512(hmr,sm,smlen-32);
+
+  sc25519_from64bytes(&schmr, hmr);
+  ge25519_scalarmult(&get1, &get1, &schmr);
+  ge25519_add(&get1, &get1, &gepk);
+  ge25519_pack(t1, &get1);
+
+  sc25519_from32bytes(&scs, &sm[smlen-32]);
+  ge25519_scalarmult_base(&get2, &scs);
+  ge25519_pack(t2, &get2);
+
+  for(i=0;i<smlen-64;i++)
+    m[i] = sm[i + 32];
+  *mlen = smlen-64;
+
+  return crypto_verify_32(t1, t2);
+}

data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/sign_edwards25519sha512batch_api.c

@@ -0,0 +1,21 @@
+#include "crypto_sign_edwards25519sha512batch.h"
+
+size_t
+crypto_sign_edwards25519sha512batch_bytes(void) {
+    return crypto_sign_edwards25519sha512batch_BYTES;
+}
+
+size_t
+crypto_sign_edwards25519sha512batch_publickeybytes(void) {
+    return crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES;
+}
+
+size_t
+crypto_sign_edwards25519sha512batch_secretkeybytes(void) {
+    return crypto_sign_edwards25519sha512batch_SECRETKEYBYTES;
+}
+
+const char *
+crypto_sign_edwards25519sha512batch_primitive(void) {
+    return "edwards25519sha512batch";
+}

data/vendor/libsodium/src/libsodium/crypto_sign/try.c

@@ -0,0 +1,87 @@
+/*
+ * crypto_sign/try.c version 20090118
+ * D. J. Bernstein
+ * Public domain.
+ */
+
+#include <stdlib.h>
+#include "randombytes.h"
+#include "crypto_sign.h"
+#include "windows/windows-quirks.h"
+
+#define MAXTEST_BYTES 10000
+#define TUNE_BYTES 1536
+
+extern unsigned char *alignedcalloc(unsigned long long);
+
+const char *primitiveimplementation = crypto_sign_IMPLEMENTATION;
+
+static unsigned char *pk;
+static unsigned char *sk;
+static unsigned char *m; unsigned long long mlen;
+static unsigned char *sm; unsigned long long smlen;
+static unsigned char *t; unsigned long long tlen;
+
+void preallocate(void)
+{
+#ifdef RAND_R_PRNG_NOT_SEEDED
+  RAND_status();
+#endif
+}
+
+void allocate(void)
+{
+  pk = alignedcalloc(crypto_sign_PUBLICKEYBYTES);
+  sk = alignedcalloc(crypto_sign_SECRETKEYBYTES);
+  m = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
+  sm = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
+  t = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
+}
+
+void predoit(void)
+{
+  crypto_sign_keypair(pk,sk);
+  mlen = TUNE_BYTES;
+  smlen = 0;
+  randombytes(m,mlen);
+  crypto_sign(sm,&smlen,m,mlen,sk);
+}
+
+void doit(void)
+{
+  crypto_sign_open(t,&tlen,sm,smlen,pk);
+}
+
+char checksum[crypto_sign_BYTES * 2 + 1];
+
+const char *checksum_compute(void)
+{
+  long long mlen;
+  long long i;
+  long long j;
+
+  if (crypto_sign_keypair(pk,sk) != 0) return "crypto_sign_keypair returns nonzero";
+  for (mlen = 0;mlen < MAXTEST_BYTES;mlen += 1 + (mlen / 16)) {
+    if (crypto_sign(sm,&smlen,m,mlen,sk) != 0) return "crypto_sign returns nonzero";
+    if (crypto_sign_open(t,&tlen,sm,smlen,pk) != 0) return "crypto_sign_open returns nonzero";
+    if (tlen != mlen) return "crypto_sign_open does not match length";
+    for (i = 0;i < tlen;++i)
+      if (t[i] != m[i])
+        return "crypto_sign_open does not match contents";
+
+    j = rand() % smlen;
+    sm[j] ^= 1;
+    if (crypto_sign_open(t,&tlen,sm,smlen,pk) == 0) {
+      if (tlen != mlen) return "crypto_sign_open allows trivial forgery of length";
+      for (i = 0;i < tlen;++i)
+        if (t[i] != m[i])
+          return "crypto_sign_open allows trivial forgery of contents";
+    }
+    sm[j] ^= 1;
+
+  }
+
+  /* do some long-term checksum */
+  checksum[0] = 0;
+  return 0;
+}

data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/checksum

@@ -0,0 +1 @@
+6e9966897837aae181e93261ae88fdf0

data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/afternm_aes128ctr.c

@@ -0,0 +1,159 @@
+/* Author: Peter Schwabe, ported from an assembly implementation by Emilia Käsper
+ * Date: 2009-03-19
+ * Public domain */
+
+#include "api.h"
+#include "int128.h"
+#include "common.h"
+#include "consts.h"
+
+int crypto_stream_afternm(unsigned char *outp, unsigned long long len, const unsigned char *noncep, const unsigned char *c)
+{
+
+  int128 xmm0;
+  int128 xmm1;
+  int128 xmm2;
+  int128 xmm3;
+  int128 xmm4;
+  int128 xmm5;
+  int128 xmm6;
+  int128 xmm7;
+
+  int128 xmm8;
+  int128 xmm9;
+  int128 xmm10;
+  int128 xmm11;
+  int128 xmm12;
+  int128 xmm13;
+  int128 xmm14;
+  int128 xmm15;
+
+  int128 nonce_stack;
+  unsigned long long lensav;
+  unsigned char bl[128];
+  unsigned char *blp;
+  unsigned char *np;
+  unsigned char b;
+
+  uint32 tmp;
+
+  /* Copy nonce on the stack */
+  copy2(&nonce_stack, (const int128 *) (noncep + 0));
+  np = (unsigned char *)&nonce_stack;
+
+    enc_block:
+
+    xmm0 = *(int128 *) (np + 0);
+    copy2(&xmm1, &xmm0);
+    shufb(&xmm1, SWAP32);
+    copy2(&xmm2, &xmm1);
+    copy2(&xmm3, &xmm1);
+    copy2(&xmm4, &xmm1);
+    copy2(&xmm5, &xmm1);
+    copy2(&xmm6, &xmm1);
+    copy2(&xmm7, &xmm1);
+
+    add_uint32_big(&xmm1, 1);
+    add_uint32_big(&xmm2, 2);
+    add_uint32_big(&xmm3, 3);
+    add_uint32_big(&xmm4, 4);
+    add_uint32_big(&xmm5, 5);
+    add_uint32_big(&xmm6, 6);
+    add_uint32_big(&xmm7, 7);
+
+    shufb(&xmm0, M0);
+    shufb(&xmm1, M0SWAP);
+    shufb(&xmm2, M0SWAP);
+    shufb(&xmm3, M0SWAP);
+    shufb(&xmm4, M0SWAP);
+    shufb(&xmm5, M0SWAP);
+    shufb(&xmm6, M0SWAP);
+    shufb(&xmm7, M0SWAP);
+
+    bitslice(xmm7, xmm6, xmm5, xmm4, xmm3, xmm2, xmm1, xmm0, xmm8)
+
+    aesround( 1, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c)
+    aesround( 2, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c)
+    aesround( 3, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c)
+    aesround( 4, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c)
+    aesround( 5, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c)
+    aesround( 6, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c)
+    aesround( 7, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c)
+    aesround( 8, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c)
+    aesround( 9, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c)
+    lastround(xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c)
+
+    bitslice(xmm13, xmm10, xmm15, xmm11, xmm14, xmm12, xmm9, xmm8, xmm0)
+
+    if(len < 128) goto partial;
+    if(len == 128) goto full;
+
+    tmp = load32_bigendian(np + 12);
+    tmp += 8;
+    store32_bigendian(np + 12, tmp);
+
+    *(int128 *) (outp + 0) = xmm8;
+    *(int128 *) (outp + 16) = xmm9;
+    *(int128 *) (outp + 32) = xmm12;
+    *(int128 *) (outp + 48) = xmm14;
+    *(int128 *) (outp + 64) = xmm11;
+    *(int128 *) (outp + 80) = xmm15;
+    *(int128 *) (outp + 96) = xmm10;
+    *(int128 *) (outp + 112) = xmm13;
+
+    len -= 128;
+    outp += 128;
+
+    goto enc_block;
+
+    partial:
+
+    lensav = len;
+    len >>= 4;
+
+    tmp = load32_bigendian(np + 12);
+    tmp += len;
+    store32_bigendian(np + 12, tmp);
+
+    blp = bl;
+    *(int128 *)(blp + 0) = xmm8;
+    *(int128 *)(blp + 16) = xmm9;
+    *(int128 *)(blp + 32) = xmm12;
+    *(int128 *)(blp + 48) = xmm14;
+    *(int128 *)(blp + 64) = xmm11;
+    *(int128 *)(blp + 80) = xmm15;
+    *(int128 *)(blp + 96) = xmm10;
+    *(int128 *)(blp + 112) = xmm13;
+
+    bytes:
+
+    if(lensav == 0) goto end;
+
+    b = blp[0]; /* clang false positive */
+    *(unsigned char *)(outp + 0) = b;
+
+    blp += 1;
+    outp +=1;
+    lensav -= 1;
+
+    goto bytes;
+
+    full:
+
+    tmp = load32_bigendian(np + 12);
+    tmp += 8;
+    store32_bigendian(np + 12, tmp);
+
+    *(int128 *) (outp + 0) = xmm8;
+    *(int128 *) (outp + 16) = xmm9;
+    *(int128 *) (outp + 32) = xmm12;
+    *(int128 *) (outp + 48) = xmm14;
+    *(int128 *) (outp + 64) = xmm11;
+    *(int128 *) (outp + 80) = xmm15;
+    *(int128 *) (outp + 96) = xmm10;
+    *(int128 *) (outp + 112) = xmm13;
+
+    end:
+    return 0;
+
+}

data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/api.h

@@ -0,0 +1,14 @@
+
+#include "crypto_stream_aes128ctr.h"
+
+#define crypto_stream crypto_stream_aes128ctr
+#define crypto_stream_xor crypto_stream_aes128ctr_xor
+#define crypto_stream_beforenm crypto_stream_aes128ctr_beforenm
+#define crypto_stream_afternm crypto_stream_aes128ctr_afternm
+#define crypto_stream_xor_afternm crypto_stream_aes128ctr_xor_afternm
+#define crypto_stream_KEYBYTES crypto_stream_aes128ctr_KEYBYTES
+#define crypto_stream_NONCEBYTES crypto_stream_aes128ctr_NONCEBYTES
+#define crypto_stream_BEFORENMBYTES crypto_stream_aes128ctr_BEFORENMBYTES
+#define crypto_stream_PRIMITIVE "aes128ctr"
+#define crypto_stream_IMPLEMENTATION crypto_stream_aes128ctr_IMPLEMENTATION
+#define crypto_stream_VERSION crypto_stream_aes128ctr_VERSION

data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/beforenm_aes128ctr.c

@@ -0,0 +1,59 @@
+/* Author: Peter Schwabe, ported from an assembly implementation by Emilia Käsper
+ * Date: 2009-03-19
+ * Public domain */
+
+#include "api.h"
+#include "consts.h"
+#include "int128.h"
+#include "common.h"
+
+int crypto_stream_beforenm(unsigned char *c, const unsigned char *k)
+{
+
+  /*
+     int64 x0;
+     int64 x1;
+     int64 x2;
+     int64 x3;
+     int64 e;
+     int64 q0;
+     int64 q1;
+     int64 q2;
+     int64 q3;
+     */
+
+  int128 xmm0;
+  int128 xmm1;
+  int128 xmm2;
+  int128 xmm3;
+  int128 xmm4;
+  int128 xmm5;
+  int128 xmm6;
+  int128 xmm7;
+  int128 xmm8;
+  int128 xmm9;
+  int128 xmm10;
+  int128 xmm11;
+  int128 xmm12;
+  int128 xmm13;
+  int128 xmm14;
+  int128 xmm15;
+  int128 t;
+
+  bitslicekey0(k, c)
+
+    keyexpbs1(xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c)
+    keyexpbs(xmm0, xmm1, xmm4, xmm6, xmm3, xmm7, xmm2, xmm5, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm1);, 2,c)
+    keyexpbs(xmm0, xmm1, xmm3, xmm2, xmm6, xmm5, xmm4, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm6);, 3,c)
+    keyexpbs(xmm0, xmm1, xmm6, xmm4, xmm2, xmm7, xmm3, xmm5, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm3);, 4,c)
+
+    keyexpbs(xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm3);, 5,c)
+    keyexpbs(xmm0, xmm1, xmm4, xmm6, xmm3, xmm7, xmm2, xmm5, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm5);, 6,c)
+    keyexpbs(xmm0, xmm1, xmm3, xmm2, xmm6, xmm5, xmm4, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm3);, 7,c)
+    keyexpbs(xmm0, xmm1, xmm6, xmm4, xmm2, xmm7, xmm3, xmm5, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm7);, 8,c)
+
+    keyexpbs(xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm0); xor_rcon(&xmm1); xor_rcon(&xmm6); xor_rcon(&xmm3);, 9,c)
+    keyexpbs10(xmm0, xmm1, xmm4, xmm6, xmm3, xmm7, xmm2, xmm5, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c)
+
+    return 0;
+}